[Freeipa-users] unable to effectively delete a replica agreement
Karl Forner
karl.forner at gmail.com
Fri Dec 18 14:45:33 UTC 2015
I am running a master freeIPA called "ipa" in an adelton/freeipa-server
(freeIPA 4.1.4).
I am able to create a replica server "ipa2", still in an
adelton/freeipa-server.
If I stop my ipa2 replica, and try to delete the replication agreement:
%ipa-replica-manage del ipa2.example.com --force -v
It hangs forever.
If I run it using the --cleanup option, it seems to work.
But when I try to run again from scratch my replica, using the same name, I
get:
Checking forwarders, please wait ...
WARNING: DNS forwarder 10.9.70.7 does not return DNSSEC signatures in
answers
Please fix forwarder configuration to enable DNSSEC support.
(For BIND 9 add directive "dnssec-enable yes;" to "options {}")
WARNING: DNSSEC validation will be disabled
Warning: skipping DNS resolution of host ipa2.example.com
Warning: skipping DNS resolution of host ipa.example.com
Using reverse zone(s) 0.17.172.in-addr.arpa.
A replication agreement for this host already exists. It needs to be
removed.
Run this on the master that generated the info file:
% ipa-replica-manage del ipa2.example.com --force
On my master:
# ipa-replica-manage list
ipas.example.com: master
ipa.example.com: master
I manually removed all DNS entries from the 3 zones mentioning ipa2. I can
check in the web UI, using the search feature that ipa2 has no occurrence.
So I do not understand why the replica install thinks there's still a
replication agreement.
And I'd like to know:
1) why this command did not work
ipa-replica-manage del ipa2.example.com --force -v
2) How could I manually effectively delete this agrrement left-over.
Thanks.
Karl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151218/097a91e7/attachment.htm>
More information about the Freeipa-users
mailing list